12 Sep Questionit is a group project, my group did send me their papers. In each tool they discussed I needed to come wit

As Technology continues to grow and advance and organizations make great strides to maintain a foothold on advancements in technology cyber threats become ever more common and ever more persistent. Organizations who build teams of experienced tenacious individuals who act as a significant mitigation effort against threats play a huge role in protecting that organization.

White Hack Hacking is a much-needed element in setting the security posture of an organization. In todays enterprise a simple computer network is no match for a hacker with the knowledge to use the available resources and hand to find weaknesses and penetrate the company’s defenses. There is contemplation in that equipment and smart appliances, which are designed to fulfill important functions such as penetration testing or security operations are not capable of performing with the full breadth of a human. Wifite is an amazing wireless network auditing tool. Wifite is uniquely designed for use with pen testing distributions, specifically Linux distributions. It is a set it and forget it auditing tool. Its designed to power pack several combinations of wireless foot-printing and hacking into one easily automated tool. Several tools are included in the wifite python automated toolbox. Among those are Wifi Protected Access, Wired Equivalent Privacy, and Wifi Protected Setup options. Wifite aims to simplify wireless auditing and the use of Aero based tools that you can call upon and crack networks with numerous steps needed to complete specific actions.

Among the best features that this tool has, I will name a few of them. Wifite enables the auditor the ability to sort targets by signal strength based on its dB (decibel) level. You can easily factor the command and attack expression to acutely target one device with a specific setting and identifier, allowing for pinpoint precision. Anonymity in hacking is incredibly important, even more so when you are testing your company’s systems integrity. Wifite allows you to randomly change your mac address, allowing you to stay completely hidden in the event of a hack. This tool is designed to home in on the specific encryptions and security handling of the different wireless access points and associated networks and brute force its way into by injecting or intercepting handshakes. Wifite is made of several dependencies, among them are Python, Aircrack-ng, and hcxtools. The tool can use all these dependencies and packages to make hacking simple.

Three common methods of security that Wireless Access Points use: Wired Equivalent Privacy (WEP), WiFi Protected Access (WPA), and Wifi Protected Setup (WPS). Wifite Targets each and is specifically designed to interrupt, intercept, or intercede the handshake to gain access to data packets allowing ease of enumeration of usernames and passwords. WEP is very common, even more so amongst older devices, and is a weak security method which is easily cracked with the right tools. WPA ‘Once a patch for WEP’ or WPA2 ‘More intensive finished product’ is a much more security method with greater encryption variation. New Wireless Access Points and Routers now use WPA2 as a default with options embedded for AES-128 and TKIP Encryption Protocol. If the device fails to facilitate AES, it will fall on TKIP, then to WPA. WPA has been cracked but only small packets of less than twenty random characters or less are breakable. WPS is the newest, most secure method. The idea behind this method is to have both an access point and a node that supports it. If this is the case, you will be able to easily configure devices with the best preexisting security possible.

Using this Python Coded Autonomous Tool, I could wirelessly sniff out a target ‘mac, ip address, essid, channel, strength, etc.’ with precision, intercept a handshake which divulges a username and password, use the Identifiers that are in plaintext discovered during the enumeration stage to log into the device via any remote access protocol from any machine, and shut the device down or lock the users out, or retrieve pertinent information collectable for other purposes. Wireless devices, Wireless Capability, and Devices of the Internet of Things all play a pivotal role in our future. Being able to connect with access points and other devices, share data securely, and trust that your privacy is being protected can not be guaranteed. With tools such as Wifite, an advanced knowledge of technology, and the intent to take advantage could prove to be damaging.

https://tools.kali.org/wireless-attacks/wifite

Location of packaged installation: https://github.com/derv82/wifite2

https://resources.infosecinstitute.com/wifite-walkthrough-part-1/#gref

SecuredYou. https://securedyou.com/download-wifite-free-best-tool-for-cracking-wpa-wep-keys/

Perfect examples https://kalitut.com/wifite-automated-wi-fi-hacking-tool/

,

Wifi pineapple is a penetration testing tool that was developed by Hak5. Hak5 is involved in the information security industry through podcasts and have developed a number of penetration testing gear that often times combines open source software with small form factor hardware. The wifi pineapple was initially released in 2008 and is now on its 6th generation platform. The wifi pineapple is scoped for wifi penetration testing scenarios and includes various capabilities such as, reconnaissance, rogue access point deployment, and wifi enterprise attacks.

As part of the reconnaissance phase of wifi penetration testing the wifi pineapple can be configured to scan the area around. It comes with antennas, but users have the option for purchasing larger antennas for larger range. When running a scan, wifi pineapple returns with the following results:

a. SSIDs – identifies the broadcasted SSIDs and also hidden SSIDs. WIfi Pineapple is not only able to identify the SSIDs of Aps around it, but also identifying devices that are connected to them.

b. MAC Address – identifies unique hardware addresses specific to the device and enables hardware identification. MAC addresses can be changed and Wifi Pineapple has the ability to identify if a MAC address it receives has been randomized by the AP for additional security.

c. Security Protocol – identifies the type of security protocol the device is using to connect to the access point, which is typically WEP or WPA. Identifying that use a weaker encryption are more likely to be attacked.

d. Wifi Protected Setup (WPS) Status – Determines if the access point is using WPS settings

e. Channel – Identifies the channel that is being broadcasted by the Aps

f. Signal – determines the strength of the AP to help determine it’s location. A good signal strength determines if a access point is close or far from the Wifi Pineapple.

The key to the information gathering phase is to identify the access points around the wifi and their associated clients. Wifi pineapple allows the information to identify the intended target user. Isolating the desired target is

Upon gathering the information, the tool can use the information gathered to perform man in the middle attacks by spoofing a legitimate network. This is enabled by creating a rogue access point that the target device connects to. The rogue access point feature of wif pineapple allows for the target device to be deauthenticated form it’s current wifi AP connection and intercepts it’s the device’s attempt to reconnection. By being closer to the attacker then it’s intended AP, the target device authenticates to wifi pineapple first.

Once the target connects to the wifi pineapple AP is now positioned to enterprise attacks. The wifi pineapple is able to monitor the target machine’s access to the internet and potentially gather more information, such as acting as a proxy for when the target user access a website.

However, wifi pineapple is not perfect. Wifi Pineapple cannot fully use the trusted SSL communication that is typically from a user to a server, in this case, a user attempting to use a use a secure communication to a website will prompt the browser to show a warning for unverified certificates are being used. Attempting and keeping devices connected to the rogue access point is possible, but an educated use would easily identify that their device is not acting normal and is likely to disconnect the session. The dauth and man in the middle is attack is dependent on physical distance. The wifi pineapple has to be closer to the target user than to the legitimate access point. In a public setting, setting up with a laptop and an obvious device with an antenna is easy to spot.

The strengths of this tool is the information gathered from its reconnaissance scan and the tool’s ability to specifically target and deauthenticate intended users to force them to reconnect to reauthenticate. Deauthenticate attack on systems that are not within scope of a pen test is illegal and with wifi pineapple’s filtering and targeted methods, it will allow the penetration testers to stay out of jail.

,

SHORT PAPER TITLE 2

Full Title of the Paper

Author Names

University

Running head: SHORT PAPER TITLE 2

Abstract

Table of Contents Abstract 2 List of Figures 3 List of Tables 3 Heading 1 4 Heading 2 4 Heading 3. 4 Heading 4. 4 Heading 5. 4 Reference list 7 Appendix A 8 Appendix B 10

List of Figures

Figure 1. Example figure body text 6

Figure A1. Example figure appendix 9

Figure A2. Example figure appendix 9

Figure B1. Example figure appendix 10

List of Tables

Table 1 Example table body text 6

Table A1 Example table appendix 9

Aircrack-ng

Aircrack-ng is a hacking tool to crack 802.11 WEP key and WPA/WPA2-PSK key once airodump-ng capture enough data packets (Aircrack-ng, n.d.).

Aircrack-ng WEP key Cracking Methods

The Aircrack-ng cracks WEP key using two methods. The first method is (Pyshkin, Tews, Weinmann) known as PTW approach. The PTW attack is an extend of the Klein attack however it decreases the number of initialization vectors (IVs) needed to decrypt a WEP key. The PTW attack performs a key classification strategy which instead of trying all possible combinations, it chooses a set number of promising keys and continues the RC4 algorithm based on those combinations. Using divergent voting strategies, the hacker can choose the most promising key byte at each decision in the tree to discover the correct key (Aircrack-ng Documentation, n.d.). The PTW Attack has approximately 97% rate of success using only 7×104 packets (Wireless Security Attacks, n.d.). That is due the fact that the PTW attack depends on two phases. The first phase uses enhanced FMS techniques on ARP packets only, if this phase failed to find the key then it will proceed to the second phase which uses all the captured packets. The PTW approach is considered as the default approach. The pro of this approach is that it requires few data packets. On the other hand, the drawback of this approach is that it only can cracks 40 and 104 bit WEP key (Aircrack-ng, n.d.).

The second method is FMS/KoreK method. This method incorporates numerous statistical attacks to find the WEP key and utilize these in combination with brute forcing.

Aircrack-ng also can determine the WEP key using dictionary method.

FMS Attack. In 2001 Fluhrer, Mantin, and Shamir found weakness in IVs uses RC4 encryption that have B+3::ff:X format (where B is the byte of the key to be discovered, ff is the constant 255, and X is beside the point) . By knowing the plaintext in the headers of specific packets for example APR packets we can find the value of B.  The FMS Attack has approximately 50% rate of success using only 9×106 packets. (Wireless Security Attacks, n.d.)

KoreK Attack. In 2004, KoreK announce a cracking suite that performs a combination of 17 different attacks. These attacks are divided into 3 groups. The first group recovers the key form the first word of the output from the RC4 algorithm. The second group uses the first word as well as the second word. Finally, the third group which excludes certain values from being a key, instead of guessing the values of the key. The PTW Attack has approximately 97% rate of success using only 3×106 packets. (Wireless Security Attacks, n.d.)

Brute Forcing. Brute force attacks require repeated login attempts using every possible combination of letter, number, and character to guess a certain password (Kaspersky, 2020).

Dictionary Method Attack. Dictionary attacks uses an actual dictionary, but it's contains a shorter list of words that the attacker thinks are most likely to be successful. Commonly used password lists, pet names, movie characters, popular names, and other words can all be part of a dictionary list (Vigliarolo, 2018).

Aircrack-ng WPA/WPA2 keys Cracking Methods

Aircrack-ng uses only the dictionary method to crack WPA/WPA2 keys. Which was previously discussed. A “four-way handshake” is needed as input. For WPA handshakes, a full handshake is composed of four packets. However, aircrack-ng works with just 2 packets. EAPOL packets (2 and 3) or packets (3 and 4) are considered a full handshake (Aircrack-ng Documentation, n.d.).

Limitation of Aircrack-ng

Aircrack-ng tool runs on Linux, Windows, OpenBSD, FreeBSD, as well as Solaris and even eComStation 2. Unfortunately, the Aircrack-ng tool is not well supported on Windows and these operating systems as good as it is on Linux that is due the proprietary nature of the OS and wireless card drivers (“Getting_started [Aircrack-ng],” n.d.).

References

Aircrack-ng. (n.d.). Retrieved July 13, 2020, from https://www.aircrack-ng.org/

Aircrack-ng Documentation. (n.d.). Retrieved July 12, 2020, from http://www2.aircrack-ng.org/hiexpo/aircrack-ng_book_v1.pdf

Fluhrer, S., Mantin, I., & Shamir, A. (2001, August). Weaknesses in the key scheduling algorithm of RC4. In International Workshop on Selected Areas in Cryptography (pp. 1-24). Springer, Berlin, Heidelberg.

Getting_started [Aircrack-ng]. (n.d.). Retrieved July 12, 2020, from https://www.aircrack-ng.org/doku.php?id=getting_started

Kaspersky. (2020, March 31). What’s a Brute Force Attack? Retrieved July 12, 2020, from https://www.kaspersky.com/resource-center/definitions/brute-force-attack

Vigliarolo, B. (2018, December 17). Brute force and dictionary attacks: A cheat sheet. Retrieved July 12, 2020, from https://www.techrepublic.com/article/brute-force-and-dictionary-attacks-a-cheat-sheet/

Wireless Security Attacks. (n.d.). Retrieved July 12, 2020, from https://wirelessnetworkssecurity.blogspot.com/2013/01/wireless-security-attacks.html